Highlights:

  • The violated data included resembling information about a large number of suspects and officers comprising contact numbers, residential addresses, and social security numbers.
  • Last year ODIN made highlights as it was found to be catering the facial recognition technology for recognizing homeless people.

ODIN Intelligence LLC, a law enforcement tools provider including a sex offender tracking system, reported its website being vandalized on the weekend. The company claimed that the law enforcement data was exposed online.

The news was first reported by a famous media house, revealing that the tarnishing message on the site was “ACAB” and “no nations! No borders! We are all illegal.” Another message read “all data and backups have been shredded.” Indicating that those who hacked into the system had deleted all data on the server hosting the site.

A report by Wired on January 11 disclosed that ODIN’s application SweepWizard, used by police for apprehending sex offenders, has been leaking data openly on the internet. The tarnishing attack on the company’s site happened after this release. The report claimed that suspects could easily access private data about them and use it to skip arrests or increase suspicion about people who have not yet been convicted of any crime.

The information leaked is claimed to be very extensive, including confidential documents of a large range from several police departments over many years. The violated data included information about many suspects and officers, comprising contact numbers, residential addresses, and social security numbers. The report claimed that the information “was likely exposed due to a simple misconfiguration in the app,” indicating another poorly protected cloud storage case.

Last year ODIN made highlights as it was found to be catering the facial recognition technology for recognizing homeless people. Some people alleged that the language used in the marketing pitch of ODIN Homeless Management Information System was insensitive and derogatory.

Dr. Ilia Kolochenko, the founder of application security company ImmuniWeb SA and a member of the Europol Data Protection Experts Network, said “third-party vendors and suppliers are actually the Achilles’ heel of law enforcement agencies.” He also conveyed “per se, website defacement is a low-risk security incident, mostly carrying out reputational consequences. In this case, however, there are various indicators that the website defacement may be just the tip of the iceberg of a major data breach.”

The alleged attack “may be one of the most harmful data breaches of 2023 given the highly confidential and classified nature of the information that could have been compromised by the attackers. If law enforcement intelligence data ends up in the hands of organized crime, it may lead to tragic consequences for police officers and undercover agents,” he added.